Re: Does anyone know what this spam means

Wed, 12 Jun 2002 10:13:07 -0700 

At 11:27 AM 6/12/2002, Robin Colgrove wrote:
 >12:08:11 0 SYSTEM The current date is Wednesday, June 12, 2002
 >12:08:11 2 SMTP-808(ratree.psu.ac.th) {S.0000085626} received, 149578
 >Has anyone heard of this outfit?

they are almost certainly unwitting dupes.

 >Any advice on how to respond?

Block Prince of Songkla University with your SMTP blacklist.

First, get the message and look at extended headers.  Find the received 
line at the top.  It will probably look like this:

Received: from mail.stalker.com ([209.1.58.249] verified) by 
mail.whiterose.org (Stalker SMTP Server 1.8b8) with ESMTP id S.0000294934 
for <[EMAIL PROTECTED]>; Wed, 12 Jun 2002 11:26:48 -0500

Copy the IP (in this case 209.1.58.249, but in your case 202.28.96.5).
Go to one of the many fine IP tools sites on the web.  I recommend 
http://www.samspade.org .  Put the IP in his form and choose 'Do Stuff'.

The results show that 202.28.96.5 is actually ratree.psu.ac.th, which 
indicates that this is most likely an open relay that is known to spammers.

At this point, I would add a range of IPs to my SMTP blacklist in 
SIMS.  There are other options, such as patiently emailing the various 
contacts at Prince of Songkla University or reporting the SPAM to 
Spamcop.net or one of the RBL sites.  That's up to you.

If you block, you have some options based on the Whois report that SamSpade 
returned.
1: Block 202.28.96.5 -- this will stop this IP, but not other machines in 
their network
2: Block 202.28.96.0-202.28.96.255 -- stop all email from Prince of Songkla 
University
3: Block 202.0.0.0 - 203.255.255.255 -- stop all email from anyone served 
by the Asia Pacific NIC

I would choose #2, but to each his/her own.


 >--------------
Michael Croft                     "Babeheart?  What's it about?"
mailto:[EMAIL PROTECTED]      it's about a cute little pig that
http://www.whiterose.org/michael  slaughters the English"
                                               -- Freakazoid
 >-------------- 



#############################################################
This message is sent to you because you are subscribed to
  the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>

Reply via email to